Digital data storage system

ABSTRACT

An efficient method for breaking source data into smaller data subsets and storing those subsets along with coded information about some of the other data subsets on different storage nodes such that the original data can be recreated from a portion of those data subsets in an efficient manner.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a distributed data storage system and method for storing data, and more particularly, to a system and method for storing subsets of an original set of data on multiple data storage devices in one or more locations such that the individual data subsets on each digital data storage device are unrecognizable and unusable except when combined with data subsets from other digital data storage devices and in which the data subsets are selected by way of information dispersal algorithms so that even if there is a failure of one or more digital data storage devices, the original data can be reconstructed.

2. Description of the Prior Art

Various data storage systems are known for storing data. Normally such data storage systems store all of the data associated with a particular data set, for example, all the data of a particular user or all the data associated with a particular software application or all the data in a particular file, in a single data space (i.e single digital data storage device). Critical data is known to be initially stored on redundant digital data storage devices. Thus, if there is a failure of one digital data storage device, a complete copy of the data is available on the other digital data storage device. Examples of such systems with redundant digital data storage devices are disclosed in U.S. Pat. Nos. 5,890,156; 6,058,454; and 6,418,539, hereby incorporated by reference. Although such redundant digital data storage systems are relatively reliable, there are other problems with such systems. First, such systems essentially double the cost of digital data storage. Second, all of the data in such redundant digital data storage systems is in one place making the data vulnerable to unauthorized access.

In order to improve the security and thus the reliability of the data storage system, the data may be stored across more than one storage device, such as a hard drive, or removable media, such as a magnetic tape or a so called “memory stick” as set forth in U.S. Pat. No. 6,128,277, hereby incorporated by reference, as well as for reasons relating to performance improvements or capacity limitations. For example, recent data in a database might be stored on a hard drive while older data that is less often used might be stored on a magnetic tape. Another example is storing data from a single file that would be too large to fit on a single hard drive on two hard drives. In each of these cases, the data subset stored on each data storage device does not contain all of the original data, but does contain a generally continuous portion of the data that can be used to provide some usable information. For example, if the original data to be stored was the string of characters in the following sentence:

-   -   The quick brown fox jumped over the lazy dog.         and that data was stored on two different data storage devices,         then either one or both of those devices would contain usable         information. If, for example, the first 20 characters of that 45         character string was stored on one data storage device the         remaining 25 characters were stored on a second data storage         device, then the sentence be stored as follows:     -   The quick fox jumped (Stored on the first storage device) over         the lazy brown dog. (Stored on the second storage device)

In each case, the data stored on each device is not a complete copy of the original data, but each of the data subsets stored on each device provides some usable information.

Typically, the actual bit pattern of data storage on a device, such as a hard drive, is structured with additional values to represent file types, file systems and storage structures, such as hard drive sectors or memory segments. The techniques used to structure data in particular file types using particular file systems and particular storage structures are well known and allow individuals familiar with these techniques to identify the source data from the bit pattern on a physical media.

In order to make sure that stored data is only available only to authorized users, data is often stored in an encrypted form using one of several known encryption techniques, such as DES, AES or several others. These encryption techniques store data is some coded form that requires a mathematical key that is ideally known only to authorized users or authorized processes. Although these encryption techniques are difficult to “break”, instances of encryption techniques being broken are known making the data on such data storage systems vulnerable to unauthorized access.

In addition to securing data using encryption, several methods for improving the security of data storage using information dispersal algorithms have been developed, for example as disclosed in U.S. Pat. No. 6,826,711 and U.S. patent application Publication No. US 2005/0144382, hereby incorporated by reference. Such information dispersal algorithms are used to “slice” the original data into multiple data subsets and distribute these subsets to different storage nodes (i.e different digital data storage devices). Individually, each data subset or slice does not contain enough information to recreate the original data; however, when threshold number of subsets (i.e. less than the original number of subsets) are available, all the original data can be exactly created.

The use of such information dispersal algorithms in data storage systems is also described in various trade publications. For example, “How to Share a Secret”, by A. Shamir, Communications of the ACM, Vol. 22, No. 11, November,1979, describes a scheme for sharing a secret, such as a cryptographic key, based on polynomial interpolation. Another trade publication, “Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance”, by M. Rabin, Journal of the Association for Computing Machinery, Vol. 36, No. 2, April 1989, pgs. 335-348, also describes a method for information dispersal using an information dispersal algorithm. Unfortunately, these methods and other known information dispersal methods are computationally intensive and are thus not applicable for general storage of large amounts of data using the kinds of computers in broad use by businesses, consumers and other organizations today. Thus there is a need for a data storage system that is able to reliably and securely protect data that does not require the use of computation intensive algorithms.

SUMMARY OF THE INVENTION

Briefly, the present invention relates to a digital data storage system in which original data to be stored is separated into a number of data “slices” or subsets in such a manner that the data in each subset is less usable or less recognizable or completely unusable or completely unrecognizable by itself except when combined with some or all of the other data subsets. These data subsets are stored on separate digital data storage devices as a way of increasing privacy and security. After the system “slices” the original data into data subsets, a coding algorithm is used on the data subsets to create coded data subsets. Each data subset and its corresponding coded subset may be transmitted separately across a communications network and/or stored in separate storage nodes in an array of storage nodes. In order to recreate the original data, the data subsets and coded subsets are retrieved from some or all of the storage nodes or communication channels, depending on the availability and performance of each storage node and each communication channel. The original data is then recreated by applying a series of decoding algorithms to the retrieved data and coded data. In accordance with an important aspect of the invention, the system codes and decodes data subsets in a manner that is computationally efficient relative to known systems in order to enable broad use of this method using the types of computers generally used by businesses, consumers and other organizations currently.

DESCRIPTION OF THE DRAWING

These and other advantages of the present invention will be readily understood with reference to the following drawing and attached specification wherein:

FIG. 1 is a block diagram of an exemplary data storage system with six storage nodes in accordance with the present invention which illustrates how the original data is sliced into data subsets, coded and transmitted to a separate digital data storage device or node.

FIG. 2 is similar to FIG. 1 but illustrates how the data subsets from all of the exemplary six nodes are retrieved and decoded to recreate the original data set.

FIG. 3 is similar to FIG. 2 but illustrates a condition of a failure of one of the six digital data storage devices.

FIG. 4 is similar FIG. 3 but for the condition of a failure of three of the six digital data storage devices.

FIG. 5 is an examplary table in accordance with the present invention that can be used to recreate data which has been stored on the exemplary six digital data storage devices.

FIG. 6 is an exemplary table that lists the decode equations for an exemplary six node storage data storage system for a condition of two node outages

FIG. 7 is is similar to FIG. 6 but for a condition with three node outages

FIG. 8 is a table that lists all possible storage node outage states for an exemplary data storage system with nine storage nodes for a condition with two node outages.

DETAILED DESCRIPTION

The present invention relates to a data storage system. In order to protect the security of the original data, the original data is separated into a number of data “slices” or subsets. The amount of data in each slice is less usable or less recognizable or completely unusable or completely unrecognizable by itself except when combined with some or all of the other data subsets. In particular, the system in accordance with the present invention “slices” the original data into data subsets and uses a coding algorithm on the data subsets to create coded data subsets. Each data subset and its corresponding coded subset may be transmitted separately across a communications network and stored in a separate storage node in an array of storage nodes. In order to recreate the original data, data subsets and coded subsets are retrieved from some or all of the storage nodes or communication channels, depending on the availability and performance of each storage node and each communication channel. The original data is recreated by applying a series of decoding algorithms to the retrieved data and coded data.

As with other known data storage systems based upon information dispersal methods, unauthorized access to one or more data subsets only provides reduced or unusable information about the source data. In accordance with an important aspect of the invention, the system codes and decodes data subsets in a manner that is computationally efficient relative to known systems in order to enable broad use of this method using the types of computers generally used by businesses, consumers and other organizations currently.

In order to understand the invention, consider a string of N characters d₀, d₁, . . . , d_(N) which could comprise a file or a system of files. A typical computer file system may contain gigabytes of data which would mean N would contain trillions of characters. The following example considers a much smaller string where the data string length, N, equals the number of storage nodes, n. To store larger data strings, these methods can be applied repeatedly. These methods can also be applied repeatedly to store large computer files or entire file systems.

For this example, assume that the string contains the characters, O L I V E R where the string contains ASCII character codes as follows: d₀=O=79 d₁=L=76 d₂,=I=73 d₃,=V=86 d₄,=E=69 d₅=R=82

The string is broken into segments that are n characters each, where n is chosen to provide the desired reliability and security characteristics while maintaining the desired level of computational efficiency—typically n would be selected to be below 100. In one embodiment, n may be chosen to be greater than four (4) so that each subset of the data contains less than, for example, ¼ of the original data, thus decreasing the recognizablity of each data subset.

In an alternate embodiment, n is selected to be six (6), so that the first original data set is separated into six (6) different data subsets as follows: A=d₀, B=d₁, C=d₂, D=d₃, E=d₄, F=d₅

For example, where the original data is the starting string of ASCII values for the characters of the text O L I V E R, the values in the data subsets would be those listed below: A=79 B=76 C=73 D=86 E=69 F=82

In this embodiment, the coded data values are created by adding data values from a subset of the other data values in the original data set. For example, the coded values can be created by adding the following data values: c[x]=d[n_mod(x+1)]+d[n_mod(x+2)]+d[n_mod(x+4)] where:

-   -   c[x] is the xth coded data value in the segment array of coded         data values     -   d[x+1] is the value in the position 1 greater than x in a array         of data values     -   d[x+2] is the value in the position 2 greater than x in a array         of data values     -   d[x+4] is the value in the position 4 greater than x in a array         of data values     -   n_mod( ) is function that performs a modulo operation over the         number space 0 to n−1         Using this equation, the following coded values are created:         cA, cB, cC, cD, cE, cF         where cA, for example, is equal to B+C+E and represents the         coded value that will be communicated and/or stored along with         the data value, A.

For example, where the original data is the starting string of ASCII values for the characters of the text O L I V E R, the values in the coded data subsets would be those listed below: cA=218 cB=214 cC=234 cD=227 cE=234 cF=241

In accordance with the present invention, the original data set 20, consisting of the exemplary data ABCDEF is sliced into, for example, six (6) data subsets A, B, C, D, E and F. The data subsets A, B, C, D, E and F are also coded as discussed below forming coded data subsets cA, cB, cC, cD, cE and cF. The data subsets A, B, C, D, E and F and the coded data subsets cA, cB, cC, cD, cE and cF are formed into a plurality of slices 22, 24, 26, 28, 30 and 32 as shown, for example, in FIG. 1. Each slice 22, 24, 26, 28, 30 and 32, contains a different data value A, B, C, D, E and F and a different coded subset cA, cB, cC, cD, cE and cF. The slices 22, 24, 26, 28, 30 and 32 may be transmitted across a communications network, such as the Internet, in a series of data transmissions to a series and each stored in a different digital data storage device or storage node 34, 36, 38, 40, 42 and 44.

In order to retrieve the original data (or receive it in the case where the data is just transmitted, not stored), the data can reconstructed as shown in FIG. 2. Data values from each storage node 34, 36, 38, 40, 42 and 44 are transmitted across a communications network, such as the Internet, to a receiving computer (not shown). As shown in FIG. 2, the receiving computer receives the slices 22, 24, 26, 28, 30 and 32, each of which contains a different data value A, B, C, D, E and F and a different coded value cA, cB, cC, cD, cE and cF.

For a variety of reasons, such as the outage or slow performance of a storage node 34, 36, 38, 40, 42 and 44 or a communications connection, not all data slices 22, 24, 26, 28, 30 and 32 will always be available each time data is recreated. FIG. 3 illustrates a condition in which the present invention recreates the original data set when one data slice 22, 24, 26, 28, 30 and 32, for example, the data slice 22 containing the data value A and the coded value cA are not available. In this case, the original data value A can be obtained as follows: A=cC−D−E where cC is a coded value and D and E are original data values, available from the slices 26, 28 and 30, which are assumed to be available from the nodes 38, 40 and 42, respectively. In this case the missing data value can be determined by reversing the coding equation that summed a portion of the data values to create a coded value by subtracting the known data values from a known coded value.

For example, where the original data is the starting string of ASCII values for the characters of the text O L I V E R, the data value of the A could be determined as follows: A=234−86−69

Therefore A=79 which is the ASCII value for the character, O.

In other cases, determining the original data values requires a more detailed decoding equation. For example, FIG. 4 illustrates a condition in which three (3) of the six (6) nodes 34, 36 and 42 which contain the original data values A, B and E and their corresponding coded values cA, cB and cE are not available. These missing data values A, B and E and corresponding in FIG. 4 can be restored by using the following sequence of equations: B=(cD−F+cF−cC)/2   1. E=cD−F−B   2. A=cF−B−D   3.

These equations are performed in the order listed in order for the data values required for each equation to be available when the specific equation is performed.

For example, where the original data is the starting string of ASCII values for the characters of the text O L I V E R, the data values of the B, E and A could be determined as follows: B=(227−82+241−234)/2   1. B=76 E=227−82−76   2. E=69 A=241−76−86   3. A=79

In order to generalize the method for the recreation of all original data ABCDEF when n=6 and up to three slices 22, 24, 26, 28 30 and 32 are not available at the time of the recreation, FIG. 5 contains a table that can be used to determine how to recreate the missing data.

This table lists the 40 different outage scenarios where 1, 2, or 3 out of six storage nodes are be not available or performing slow enough as to be considered not available. In the table in FIG. 5, an ‘X’ in a row designates that data and coded values from that node are not available. The ‘Type’ column designates the number of nodes not available. An ‘Offset’ value for each outage scenario is also indicated. The offset is the difference the spatial position of a particular outage scenario and the first outage scenario of that Type.

The data values can be represented by the array d[x], where x is the node number where that data value is stored. The coded values can be represented by the array c[x].

In order to reconstruct missing data in an outage scenario where one node is not available in a storage array where n=6, the follow equation can be used: d+offset]=c3d(2, 3, 4, offset)

where c3d( ) is a function in pseudo computer software code as follows: c3d(coded_data_pos, known_data_a_pos, known_data_b_pos, offset) { unknown_data= c[n_mod(coded_data_pos+offset)]− d[n_mod(known_data_a_pos+offset)]− d[n_mod(known_data_b_pos+offset)]; return unknown_data } where n_mod( ) is the function defined previously.

In order to reconstruct missing data in an outage scenario where two nodes are not available in a storage array where n=6, the equations in the table in FIG. 6 can be used. In FIG. 6, the ‘Outage Type Num’ refers to the corresponding outage ‘Type’ from FIG. 5. The ‘Decode Operation’ in FIG. 6 refers to the order in which the decode operations are performed. The ‘Decoded Data’ column in FIG. 6 provides the specific decode operations which produces each missing data value.

In order to reconstruct missing data in an outage scenario where three nodes are not available in a storage array where n=6, the equations in the table in FIG. 7 can be used. Note that in FIG. 7, the structure of the decode equation for the first decode for outage type=3 is a different structure than the other decode equations where n=6.

The example equations listed above are typical of the type of coding and decoding equations that create efficient computing processes using this method, but they only represent one of many examples of how this method can be used to create efficient information distribution systems. In the example above of distributing original data on a storage array of 6 nodes where at least 3 are required to recreate all the data, the computational overhead of creating the coded data is only two addition operations per byte. When data is decoded, no additional operations are required if all storage nodes and communications channels are available. If one or two of the storage nodes or communications channels are not available when n=6, then only two additional addition/subtraction operations are required to decode each missing data value. If three storage nodes or communications channels are missing when n=6, then just addition/subtraction operations are required for each missing byte in 11 of 12 instances—in that twelfth instance, only 4 computational operations are required (3 addition/subtractions and one division by an integer). This method is more computationally efficient that known methods, such as those described by Rabin and Shamir.

This method of selecting a computationally efficient method for secure, distributed data storage by creating coded values to store at storage nodes that also store data subsets can be used to create data storage arrays generally for configurations where n=4 or greater. In each case decoding equations such as those detailed above can be used to recreate missing data in a computationally efficient manner.

Coding and decoding algorithms for varying grid sizes which tolerate varying numbers of storage node outages without original data loss can also be created using these methods. For example, to create a 9 node grid that can tolerate the loss of 2 nodes, a candidate coding algorithm is selected that uses a mathematical function that incorporates at least two other nodes, such as: c[x]d[n_mod(x+1)]+d[n_mod(x+2)] where:

-   -   n=9, the number of storage nodes in the grid     -   c[x] is the xth coded data value in the segment array of coded         data values     -   d[x+1] is the value in the position 1 greater than x in a array         of data values     -   d[x+2] is the value in the position 2 greater than x in a array         of data values     -   n_mod( ) is function that performs a mod over the number space 0         to n−1

In this example embodiment, n=9, the first data segment is separated into different data subsets as follows: A=d₀, B=d₁, C=d₂, D=d₃, E=d₄, F=d₅, G=d₆, H=d₇, I=d₈ Using this candidate coding algorithm equation above, the following coded values are created: cA, cB, cC, cD, cE, cF, cG, cH, cI

The candidate coding algorithm is then tested against all possible grid outage states of up to the desired number of storage node outages that can be tolerated with complete data restoration of all original data. FIG. 8 lists all possible storage grid cases for a 9 storage node grid with 2 storage node outages. Although there are 36 outage cases on a 9 node storage grid with 2 storage node outages, these can be grouped into 4 Types as shown in FIG. 8. Each of these 4 Types represent a particular spatial arrangement of the 2 outages, such as the 2 storage node outages being spatially next to each other in the grid (Type 1) or the 2 storage node outages being separated by one operating storage node (Type 2). The offset listed in FIG. 8 shows the spatial relationship of each outage case within the same Type as they relate to the first outage case of that Type listed in that table. For example, the first instance of a Type 1 outage in FIG. 8 is the outage case where Node0 and Node1 are out. This first instance of a Type 1 outage is then assigned the Offset value of 0. The second instance of a Type 1 outage in FIG. 8 is the outage case where Node1 and Node2 are out. Therefore, this second instance of a Type 1 outage is assigned the Offset value of 1 since the two storage nodes outages occur at storage nodes that are 1 greater than the location of the storage node outages in the first case of Type 1 in FIG. 8.

The validity of the candidate coding algorithm can them be tested by determining if there is a decoding equation or set of decoding equations that can be used to recreate all the original data in each outage Type and thus each outage case. For example, in the first outage case in FIG. 8, Node0 and Node1 are out. This means that the data values A and B are not directly available on the storage grid. However, A can be recreated from cH as follows: cH=I+A A=cH−I The missing data value B can then be created from cI as follows: cI=A+B B=cI−A

This type of validity testing can then be used to test if all original data can be obtained in all other instances where 2 storage nodes on a 9 node storage grid are not operating. Next, all instances where 1 storage node is not operating on a 9 node storage grid are tested to verify whether that candidate coding algorithm is valid. If the validity testing shows that all original data can be obtained in every instance of 2 storage nodes not operating on a 9 node storage grid and every instance of 1 storage node not operating on a 9 node storage grid, then that coding algorithm would be valid to store data on a 9 node storage grid and then to retrieve all original data from that grid if up to 2 storage nodes were not operating.

These types of coding and decoding algorithms can be used by those practiced in the art of software development to create storage grids with varying numbers of storage nodes with varying numbers of storage node outages that can be tolerated by the storage grid while perfectly restoring all original data.

Obviously, many modifications and variations of the present invention are possible in light of the above teachings. Thus, it is to be understood that, within the scope of the appended claims, the invention may be practiced otherwise than is specifically described above.

What is claimed and desired to be secured by a Letters Patent of the United States is: 

1. A method for storing a string of N characters, the method comprising the steps of: (a) segmenting the string of N characters into n data subsets; (b) storing each of said n data subsets into a different storage node along with a coded value of the data subset stored in the storage node.
 2. The method as recited in claim 1, wherein step (b) includes the step of determining coded values for each of said n data subsets as a function of the data in one or more other data subsets.
 3. The method as recited in claim 1, wherein step (a) comprises: segmenting the string of N characters into 4 or more data subsets.
 4. The method as recited in claim 3, wherein step (a) comprises: segmenting the string of N characters into 6 data subsets.
 5. The method as recited in claim 3, wherein step (a) comprises: segmenting the string of N characters into 9 data subsets.
 6. The method as recited in claim 3, wherein step (a) comprises: segmenting the string of N characters into 11 data subsets.
 7. The method as recited in claim 1, further including the step of recreating the data in one or more storage nodes, when said data subsets in said one or more storage nodes becomes unavailable. 